CVE-2017-7659 Information

Share on:

Feb 14, 2021 cve

Description

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24 2.4.25 to dereference a NULL pointer and crash the server process.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.debian.org/security/2017/dsa-3896 http://www.securityfocus.com/bid/99132 http://www.securitytracker.com/id/1038711 https://access.redhat.com/errata/RHSA-2017:2483 https://lists.apache.org/thread.html/1d0b746bbaa3a64890fcdab59ee9050aaa633b7143e7d412374e5a9a@3Cannounce.httpd.apache.org3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@3Ccvs.httpd.apache.org3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@3Ccvs.httpd.apache.org3E https://security.gentoo.org/glsa/201710-32 https://security.netapp.com/advisory/ntap-20180601-0002/ https://support.apple.com/HT208221 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us https://www.tenable.com/security/tns-2019-09

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5